
Keyword Search Result

[Keyword] ECR(210hit)

81-100hit(210hit)

  • Flattening Process of Si Surface below 1000°C Utilizing Ar/4.9%H2 Annealing and Its Effect on Ultrathin HfON Gate Insulator Formation

    Dae-Hee HAN  Shun-ichiro OHMI  

     
    PAPER

      Vol:
    E96-C No:5
      Page(s):
    669-673

    To improve metal oxide semiconductor field effect transistors (MOSFET) performance, flat interface between gate insulator and silicon should be realized. In this paper, flattening process of Si surface below 1000°C utilizing Ar/4.9%H2 annealing and its effect on ultrathin HfON gate insulator formation were investigated. The Si(100) substrates were annealed using conventional rapid thermal annealing (RTA) system in Ar or Ar/4.9%H2 ambient for 1 h. The surface roughness of Ar/4.9%H2-annealed Si was small compared to that of Ar-annealed Si because the surface oxidation was suppressed. The obtained root mean square (RMS) roughness was 0.08 nm (as-cleaned: 0.20 nm) in case of Ar/4.9%H2-annealed at 1000°C measured by tapping mode atomic force microscopy (AFM). The HfON surface was also able to be flattened by reduction of Si surface roughness. The electrical properties of HfON gate insulator were improved by the reduction of Si surface roughness. We obtained equivalent oxide thickness (EOT) of 0.79 nm (as-cleaned: 1.04 nm) and leakage current density of 3.5×10⁻³ A/cm² (as-cleaned: 6.1×10⁻¹ A/cm²) by reducing the Si surface roughness.

  • Secure Communication of the Multi-Antenna Channel Using Cooperative Relaying and Jamming

    Haiyan XU  Qian TIAN  Jianhui WU  Fulong JIANG  

     
    PAPER-Fundamental Theories for Communications

      Vol:
    E96-B No:4
      Page(s):
    948-955

    In this paper we establish a secure communication model where eavesdropper and intended receiver have multiple antennas. We use cooperation and jamming to achieve physical layer security. First, we study how to allocate power between the information bearing signal and the jamming signal. Second, based on this model, we also jointly optimize both the information bearing signal weights and the jamming signal weights to improve physical layer security. The optimal power allocation and the weights are obtained via an iteration algorithm to maximize the secrecy rate. Comparing with equal power allocation and some other different methods, it shows that using cooperative relaying and jamming can significantly improve the physical layer security from the simulation results.

  • On the Length-Decreasing Self-Reducibility and the Many-One-Like Reducibilities for Partial Multivalued Functions

    Ji-Won HUH  Shuji ISOBE  Eisuke KOIZUMI  Hiroki SHIZUYA  

     
    PAPER

      Vol:
    E96-D No:3
      Page(s):
    465-471

    In this paper, we investigate a relationship between the length-decreasing self-reducibility and the many-one-like reducibilities for partial multivalued functions. We show that if any parsimonious (many-one or metric many-one) complete function for NPMV (or NPMVg) is length-decreasing self-reducible, then any function in NPMV (or NPMVg) has a polynomial-time computable refinement. This result implies that there exists an NPMV (or NPMVg)-complete function which is not length-decreasing self-reducible unless P = NP.

  • Secure Regenerating Codes Based on Rashmi-Shah-Kumar MBR Codes

    Masazumi KURIHARA  Hidenori KUWAKADO  

     
    PAPER-Information Theory

      Vol:
    E96-A No:2
      Page(s):
    635-648

    In this paper, we present a construction of (n,k,d,m) secure regenerating codes for distributed storage systems against eavesdroppers that can observe either data stored in at most m storage nodes or downloaded data for repairing at most m failed nodes in a network where m < k ≤ d ≤ n-1. The (n,k,d,m) secure regenerating code is based on an (n,k,d) minimum bandwidth regenerating (MBR) code, which was proposed by Rashmi, Shah and Kumar as optimal exact-regenerating codes, for all values of the parameters (n,k,d). The (n,k,d,m) secure regenerating codes have the security as a secret sharing scheme such that even if an eavesdropper knows either data stored in at most m storage nodes or downloaded data for repairing at most m failed nodes, no information about data leaks to the eavesdropper.

  • Efficient (Hierarchical) Inner-Product Encryption Tightly Reduced from the Decisional Linear Assumption

    Tatsuaki OKAMOTO  Katsuyuki TAKASHIMA  

     
    PAPER-Public Key Based Protocols

      Vol:
    E96-A No:1
      Page(s):
    42-52

    This paper proposes an inner-product encryption (IPE) scheme, which achieves selectively fully-attribute-hiding security in the standard model almost tightly reduced from the decisional linear (DLIN) assumption, and whose ciphertext is almost the shortest among the existing (weakly/fully) attribute-hiding IPE schemes, i.e., it consists of n+4 elements of G and 1 element of GT for a prime-order symmetric bilinear group (G, GT), where n is the dimension of attribute/predicate vectors. We also present a variant of the proposed IPE scheme that enjoys shorter public and secret keys with preserving the security. A hierarchical IPE (HIPE) scheme can be realized that has short ciphertexts and selectively fully-attribute-hiding security almost tightly reduced from the DLIN assumption.

  • Route Computation Method for Secure Delivery of Secret Shared Content

    Nagao OGINO  Takuya OMI  Hajime NAKAMURA  

     
    PAPER-Network

      Vol:
    E95-B No:11
      Page(s):
    3456-3463

    Secret sharing schemes have been proposed to protect content by dividing it into many pieces securely and distributing them over different locations. Secret sharing schemes can also be used for the secure delivery of content. The original content cannot be reconstructed by the attacker if the attacker cannot eavesdrop on all the pieces delivered from multiple content servers. This paper aims to obtain secure delivery routes for the pieces, which minimizes the probability that all the pieces can be stolen on the links composing the delivery routes. Although such a route optimization problem can be formulated using an ILP (Integer Linear Programming) model, optimum route computation based on the ILP model requires large amounts of computational resources. Thus, this paper proposes a lightweight route computation method for obtaining suboptimum delivery routes that achieve a sufficiently small probability of all the pieces being stolen. The proposed method computes the delivery routes successively by using the conventional shortest route algorithm repeatedly. The distance of the links accommodating the routes that have already been calculated is adjusted iteratively and utilized for calculation of the new shortest route. The results of a performance evaluation clarify that sufficiently optimum routes can be computed instantly even in practical large-scale networks by the proposed method, which adjusts the link distance strictly based on the risk level at the considered link.

  • Secret Sharing Schemes Based on Linear Codes Can Be Precisely Characterized by the Relative Generalized Hamming Weight

    Jun KURIHARA  Tomohiko UYEMATSU  Ryutaroh MATSUMOTO  

     
    PAPER-Information Theory

      Vol:
    E95-A No:11
      Page(s):
    2067-2075

    This paper precisely characterizes secret sharing schemes based on arbitrary linear codes by using the relative dimension/length profile (RDLP) and the relative generalized Hamming weight (RGHW). We first describe the equivocation Δm of the secret vector =[s1,...,sl] given m shares in terms of the RDLP of linear codes. We also characterize two thresholds t1 and t2 in the secret sharing schemes by the RGHW of linear codes. One shows that any set of at most t1 shares leaks no information about , and the other shows that any set of at least t2 shares uniquely determines . It is clarified that both characterizations for t1 and t2 are better than Chen et al.'s ones derived by the regular minimum Hamming weight. Moreover, this paper characterizes the strong security in secret sharing schemes based on linear codes, by generalizing the definition of strongly-secure threshold ramp schemes. We define a secret sharing scheme achieving the α-strong security as the one such that the mutual information between any r elements of (s1,...,sl) and any α-r+1 shares is always zero. Then, it is clarified that secret sharing schemes based on linear codes can always achieve the α-strong security where the value α is precisely characterized by the RGHW.

  • Batch Logical Protocols for Efficient Multi-Party Computation

    Naoto KIRIBUCHI  Ryo KATO  Tsukasa ENDO  Takashi NISHIDE  Hiroshi YOSHIURA  

     
    PAPER-Cryptography and Information Security

      Vol:
    E95-A No:10
      Page(s):
    1718-1728

    It is becoming more and more important to make use of personal or classified information while keeping it confidential. A promising tool for meeting this challenge is secure multi-party computation (MPC). It enables multiple parties, each given a snippet of a secret s, to compute a function f(s) by communicating with each other without revealing s. However, one of the biggest problems with MPC is that it requires a vast amount of communication. Much research has gone into making each protocol (equality testing, interval testing, etc.) more efficient. In this work, we make a set of multiple protocols more efficient by transforming them into their equivalent batch processing form and propose two protocols: “Batch Logical OR” and “Batch Logical AND.” Using proposed protocols recursively, we also propose “Batch Logical OR-AND” and “Batch Logical AND-OR,” and show arbitrary formula consisting of Boolean protocols, OR gates, and AND gates can be batched. Existing logical OR and logical AND protocols consisting of t equality testing invocations have a communication complexity of O(t), where is the bit length of the secrets. Our batched versions of these protocols reduce it to O( + t). For t interval testing invocations, they reduce both communication and round complexity. Thus they can make the queries on a secret shared database more efficient. For example, the use of the proposed protocols reduces the communication complexity for a query consisting of equality testing and interval testing by approximately 70% compared to the use of the corresponding existing protocols. The concept of the proposed protocols is versatile and can be applied to logical formulae consisting of protocols other than equality testing and interval testing, thereby making them more efficient as well.

  • Secret Sharing Schemes from Linear Codes over Finite Rings

    Jianfa QIAN  Wenping MA  

     
    LETTER-Cryptography and Information Security

      Vol:
    E95-A No:7
      Page(s):
    1193-1196

    An important concept in secret sharing scheme is the access structure. However, determining the access structure of the secret sharing scheme based on a linear code is a very difficult problem. In this work, we provide a method to construct a class of two-weight linear codes over finite rings. Based on the two-weight codes, we present an access structure of a secret sharing scheme.

  • Group Secret Key Agreement Based on Radio Propagation Characteristics in Wireless Relaying Systems

    Takayuki SHIMIZU  Hisato IWAI  Hideichi SASAOKA  

     
    PAPER-Fundamental Theories for Communications

      Vol:
    E95-B No:7
      Page(s):
    2266-2277

    We consider secret key agreement for multiple terminals based on radio propagation characteristics in a wireless relaying system where more than two terminals communicate with each other via a relay. In this system, the multiple terminals share a common secret key generated from their radio propagation characteristics with the help of the relay in the presence of an eavesdropper. In this paper, we present three secret key agreement schemes: an amplify-and-forward (AF) scheme, a signal-combining amplify-and-forward (SC-AF) scheme, and a multiple-access amplify-and-forward (MA-AF) scheme. The key idea of these schemes is that each terminal shares the fading coefficients between all terminals and the relay, and use them as the source of a secret key. The AF scheme is based on a conventional amplify-and-forward two-way relaying method, whereas in the SC-AF scheme and the MA-AF scheme, we apply the idea of analog network coding to secret key agreement. We analyze eavesdropping strategies and show that the AF scheme is not secure if the eavesdropper is located near the relay and can receive signals from the relay without multipath fading and noise. Simulation results show that the SC-AF and MA-AF schemes are effective.

  • Analysis and Improvement of a Secret Broadcast with Binding Encryption in Broadcasting Networks

    Mingwu ZHANG  Fagen LI  Tsuyoshi TAKAGI  

     
    LETTER-Information Network

      Vol:
    E95-D No:2
      Page(s):
    686-689

    A secret broadcasting scheme deals with secure transmission of a message so that more than one privileged receiver can decrypt it. Jeong et al. proposed an efficient secret broadcast scheme using binding encryption to obtain the security properties of IND-CPA semantic security and decryption consistency. Thereafter, Wu et al. showed that the Jeong et al.'s scheme just achieves consistency in relatively weak condition and is also inefficient, and they constructed a more efficient scheme to improve the security. In this letter, we demonstrate that the Wu et al.'s scheme is also a weak decryption consistency and cannot achieve the decryption consistency if an adversary has the ability to tamper with the ciphertext. We also present an improved and more efficient secret broadcast scheme to remedy the weakness. The proposed scheme achieves decryption consistency and IND-CCA security, which can protect against stronger adversary's attacks and allows us to broadcast a digital message securely.

  • Identity-Based Proxy Cryptosystems with Revocability and Hierarchical Confidentialities

    Lihua WANG  Licheng WANG  Masahiro MAMBO  Eiji OKAMOTO  

     
    PAPER-Public Key Cryptography

      Vol:
    E95-A No:1
      Page(s):
    70-88

    Proxy cryptosystems are classified into proxy decryption systems and proxy re-encryption systems on the basis of a proxy's role. In this paper, we propose an ID-based proxy cryptosystem with revocability and hierarchical confidentialities. In our scheme, on receiving a ciphertext, the proxy has the rights to perform the following three tasks according to the message confidentiality levels of the sender's intention: (1) to decrypt the ciphertext on behalf of the original decryptor; (2) to re-encrypt the ciphertext such that another user who is designated by the original decryptor can learn the message; (3) to do nothing except for forwarding the ciphertext to the original decryptor. Our scheme supports revocability in the sense that it allows proxy's decryption and re-encryption rights to be revoked even during the valid period of the proxy key without changing the original decryptor's public information. We prove that our proposal is indistinguishable against chosen identity and plaintext attacks in the standard model. We also show how to convert it into a system against chosen identity and ciphertext attacks by using the Fujisaki-Okamoto transformation.

  • Secure Key Transfer Protocol Based on Secret Sharing for Group Communications (Open Access)

    Chia-Yin LEE  Zhi-Hui WANG  Lein HARN  Chin-Chen CHANG  

     
    INVITED PAPER

      Vol:
    E94-D No:11
      Page(s):
    2069-2076

    Group key establishment is an important mechanism to construct a common session key for group communications. Conventional group key establishment protocols use an on-line trusted key generation center (KGC) to transfer the group key for each participant in each session. However, this approach requires that a trusted server be set up, and it incurs communication overhead costs. In this article, we address some security problems and drawbacks associated with existing group key establishment protocols. Besides, we use the concept of secret sharing scheme to propose a secure key transfer protocol to exclude impersonators from accessing the group communication. Our protocol can resist potential attacks and also reduce the overhead of system implementation. In addition, comparisons of the security analysis and functionality of our proposed protocol with some recent protocols are included in this article.

  • Probabilistic Constrained Power Allocation for MISO Wiretap Channel Based on Statistical CSI-E

    Xiaojun SUN  Xiaojian LIU  Ming JIANG  Pengcheng ZHU  Chunming ZHAO  

     
    LETTER-Wireless Communication Technologies

      Vol:
    E94-B No:11
      Page(s):
    3175-3178

    In this letter, we propose a power allocation scheme to optimize the ergodic secrecy rate of multiple-input single-output (MISO) fading wiretap channels with a probabilistic constraint, using the statistical channel state information (CSI) of the eavesdropper (CSI-E). The analytical expressions of the false secrecy probability are derived and used as constraints in the rate maximization problem. Moreover, we obtain a suboptimal solution by formulating the power allocation problem as a Rayleigh quotient problem.

  • Information-Theoretic Secrecy with Access to Decryption Oracles

    Christopher PORTMANN  Keisuke TANAKA  

     
    LETTER-Cryptography and Information Security

      Vol:
    E94-A No:7
      Page(s):
    1585-1590

    We analyze the security notion of information-theoretic secrecy against an adversary who can make adaptive queries to the decryption oracle, and show that it is equivalent to requiring that the encryption scheme can perfectly encrypt +1 different messages. This immediately yields a lower bound on the key length and an optimal construction, namely (+1)-wise independent permutations. This also gives an operational interpretation to the notion of decryption oracles in information-theoretic security.

  • A Simple and Efficient Secret Sharing Scheme Secure against Cheating

    Toshinori ARAKI  Wakaha OGATA  

     
    PAPER

      Vol:
    E94-A No:6
      Page(s):
    1338-1345

    In (k,n) threshold scheme, Tompa and Woll considered a problem of cheaters who try to make another participant reconstruct an invalid secret. Later, some models of such cheating were formalized and lower bounds of the size of share were shown in the situation of fixing the maximum successful cheating probability to ε. Some efficient schemes in which size of share is equal to the lower bound were also proposed. Let |S| be the field size of the secret. Under the assumption that cheaters do not know the distributed secret, these sizes of share of previous schemes which can work for ε > 1/|S| are somewhat larger than the bound. In this paper, we show the bound for this case is really tight by constructing a new scheme. When distributing uniform secret, the bit length of share in the proposed scheme is only 1 bit longer than the known bound. Further, we show a tighter bound of the size of share in case of ε < 1/|S|.

  • Universally Composable and Statistically Secure Verifiable Secret Sharing Scheme Based on Pre-Distributed Data

    Rafael DOWSLEY  Jorn MULLER-QUADE  Akira OTSUKA  Goichiro HANAOKA  Hideki IMAI  Anderson C.A. NASCIMENTO  

     
    PAPER-Cryptography and Information Security

      Vol:
    E94-A No:2
      Page(s):
    725-734

    This paper presents a non-interactive verifiable secret sharing scheme (VSS) tolerating a dishonest majority based on data pre-distributed by a trusted authority. As an application of this VSS scheme we present very efficient unconditionally secure protocols for performing multiplication of shares based on pre-distributed data which generalize two-party computations based on linear pre-distributed bit commitments. The main results of this paper are a non-interactive VSS, a simplified multiplication protocol for shared values based on pre-distributed random products, and non-interactive zero knowledge proofs for arbitrary polynomial relations. The security of the schemes is proved using the UC framework.

  • Provably Secure On-Line Secret Sharing Scheme

    Tatsumi OBA  Wakaha OGATA  

     
    PAPER-Secure Protocol

      Vol:
    E94-A No:1
      Page(s):
    139-149

    On-line secret sharing scheme, introduced by Cachin, is a computational variation of secret sharing scheme. It supports dynamic changing of access structures and reusable shares, by grace of public bulletin board. In this paper, first we introduce a formal model of on-line secret sharing scheme, and analyze existing on-line secret sharing schemes. As a result, it is shown that they are all vulnerable by giving concrete attacks. Next, we propose a novel on-line secret sharing scheme which is provably secure.

  • Improvement of Dependability against Node Capture Attacks for Wireless Sensor Networks

    Eitaro KOHNO  Tomoyuki OHTA  Yoshiaki KAKUDA  Masaki AIDA  

     
    PAPER-Assurance

      Vol:
    E94-D No:1
      Page(s):
    19-26

    A Wireless Sensor Network has sensor nodes which have limited computational power and memory size. Due to the nature of the network, the data is vulnerable to attacks. Thus, maintaining confidentiality is an important issue. To compensate for this problem, there are many countermeasures which utilize common or public key cryptosystems that have been proposed. However, these methods have problems with establishing keys between the source and the destination nodes. When these two nodes try to establish new keys, they must exchange information several times. Also, the routes of the Wireless Sensor Networks can change frequently due to an unstable wireless connection and batteries running out on sensor nodes. These problems of security and failure become more serious as the number of nodes in the network increases. In this paper, we propose a new data distribution method to compensate for vulnerability and failure based on the Secret Sharing Scheme. In addition, we will confirm the effect of our method through experiments. Concerning security, we compare our method with the existing TinySec, which is the major security architecture of Wireless Sensor Networks.

  • Improvement of the Efficient Secret Broadcast Scheme

    Eun-Jun YOON  Muhammad KHURRAM KHAN  Kee-Young YOO  

     
    LETTER-Information Network

      Vol:
    E93-D No:12
      Page(s):
    3396-3399

    In 2009, Jeong et al. proposed a secure binding encryption scheme and an efficient secret broadcast scheme. This paper points out that the schemes have some errors and cannot operate correctly, contrary to their claims. In addition, this paper also proposes improvements of Jeong et al.'s scheme that can withstand the proposed attacks.
